upgrade from RB2011UiAS to something faster - RB450Gx4 ?
Hi all, I've been using the rb2011 for several years now, happy user. I'm about to get faster internet (NBN - please stop snickering), so I'm looking at models that will handle higher throughput and after people's recommendations. Things I care about... * I'm running a few VLANs. there was one rb or Hex model that I played with that didn't handle VLANs as well as the 2011 but I can't remember the reason now. Might have been a software switch and not hardware or something like that. * IPSEC - the 2011 tops out around 16Mbit before it flakes out in my experience. Would like to get more throughput.. if I look at the RB450Gx4 specs and pick the worst-case IPSEC throughput, it claims to do 20Mbit which is better than my real-world experience with the RB2011. * Non-IPSEC NAT - would like it to comfortably handle 100Mbit * I'm running a few other things but nothing that should be too taxing (logging, not a huge number of policies, only a little bit of mangling). * Don't want wifi on it * Don't need POE * Would love to be able to export / import my RB2011 config and have that work :) but I'm guessing it'll have to be a rebuild based upon prior experience switching models. Cheers, Chris
The plain old RB4011 will do just fine. I got the Wifi version when I upgraded to 100/40 NBN a few months ago. It imported my RB2011 config albeit with a few minor changes like removing MAC addresses attached to bridges with no dramas and worked just the same. I didn't have any VLANs, just a few bridges. The CPU in is a 4 core beast and will handle your VLANs just fine at wirespeed. It has hardware accelerated IPSEC. Everything I do on it at 100/40, including simple queues and CAPSMAN the CPU is comatose. You could also go the cheaper RB3011, apart from the big case it's right in between the 2011 and 4011 for power. It will handle your IPSEC requirements with ease too as it has hardware assisted crypto as well. I have seen photos of the RB3011 board fitted into the RB2011 case - it's a shame that never came out. Regards, Jason Hecker <https://www.upandrunningtech.com.au/> <https://www.upandrunningtech.com.au/> On Tue, 5 Nov 2019, at 17:15, Chris Herrmann wrote:
Hi all,
I've been using the rb2011 for several years now, happy user. I'm about to get faster internet (NBN - please stop snickering), so I'm looking at models that will handle higher throughput and after people's recommendations.
Things I care about... * I'm running a few VLANs. there was one rb or Hex model that I played with that didn't handle VLANs as well as the 2011 but I can't remember the reason now. Might have been a software switch and not hardware or something like that. * IPSEC - the 2011 tops out around 16Mbit before it flakes out in my experience. Would like to get more throughput.. if I look at the RB450Gx4 specs and pick the worst-case IPSEC throughput, it claims to do 20Mbit which is better than my real-world experience with the RB2011. * Non-IPSEC NAT - would like it to comfortably handle 100Mbit * I'm running a few other things but nothing that should be too taxing (logging, not a huge number of policies, only a little bit of mangling). * Don't want wifi on it * Don't need POE * Would love to be able to export / import my RB2011 config and have that work :) but I'm guessing it'll have to be a rebuild based upon prior experience switching models.
Cheers,
Chris _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
*giggle* Yeah, the RB4011 will do ANYTHING you want for NBN and home use, no problems at all! I’ve been a bit shitty at it because the mikrotik spec sheet is a bit of a lie (rated throughput is multiple streams with all four CPU cores at 100%..) - I can only get 1.8Gbps through it, single stream (1.1 if connection tracking is enabled). I bought the 4011 to replace one of my 1100AHx4’s because I thought my 1.1Gbps throughput limit was my old 8024F powerconnect switch doing a bad LACP implementation.. But yeah, I’m currently happily doing 1.8Gbps per stream (fast.com reports 2.8Gbps available bandwidth on a windows virtual machine) behind a RB4011, and also able to flatline at 1gbps no problems behind an RB1100AHx4 with an EOIP tunnel to the RB4011 trunking a bunch of VLAN’s between data centers. They’re a very nice bit of kit (same hardware basically as the 1100AHx4 from what I can tell, just a few less ports, plus an SPF+ port) Config import/exports seem to work pretty well. I’ve standardised all my devices with a ‘bridge_root’ bridge which all my ports belong to now, and use vlan filtering on them to get my vlans in/out on various ports as needed. Moving from the 1100AHx4 in SY3 to the 4011 was a ~10 minute job. It wasn’t as simple as just loading the .rsc file, but I was copying&pasting without too many changes as I went. The 1100AHx4 then replaced the old CRS109 that has been running as my LNS for the last 2 years. That was a little more complicated, as the 109 was still using the switch chip for throughput reasons, but still pretty easy :) Cheers, DG On Tue, 5 Nov 2019 at 6:49 pm, Jason Hecker <jason@upandrunningtech.com.au> wrote:
The plain old RB4011 will do just fine.
I got the Wifi version when I upgraded to 100/40 NBN a few months ago. It imported my RB2011 config albeit with a few minor changes like removing MAC addresses attached to bridges with no dramas and worked just the same. I didn't have any VLANs, just a few bridges.
The CPU in is a 4 core beast and will handle your VLANs just fine at wirespeed. It has hardware accelerated IPSEC. Everything I do on it at 100/40, including simple queues and CAPSMAN the CPU is comatose. You could also go the cheaper RB3011, apart from the big case it's right in between the 2011 and 4011 for power. It will handle your IPSEC requirements with ease too as it has hardware assisted crypto as well. I have seen photos of the RB3011 board fitted into the RB2011 case - it's a shame that never came out.
Regards, Jason Hecker <https://www.upandrunningtech.com.au/> <https://www.upandrunningtech.com.au/>
On Tue, 5 Nov 2019, at 17:15, Chris Herrmann wrote:
Hi all,
I've been using the rb2011 for several years now, happy user. I'm about to get faster internet (NBN - please stop snickering), so I'm looking at models that will handle higher throughput and after people's recommendations.
Things I care about... * I'm running a few VLANs. there was one rb or Hex model that I played with that didn't handle VLANs as well as the 2011 but I can't remember the reason now. Might have been a software switch and not hardware or something like that. * IPSEC - the 2011 tops out around 16Mbit before it flakes out in my experience. Would like to get more throughput.. if I look at the RB450Gx4 specs and pick the worst-case IPSEC throughput, it claims to do 20Mbit which is better than my real-world experience with the RB2011. * Non-IPSEC NAT - would like it to comfortably handle 100Mbit * I'm running a few other things but nothing that should be too taxing (logging, not a huge number of policies, only a little bit of mangling). * Don't want wifi on it * Don't need POE * Would love to be able to export / import my RB2011 config and have that work :) but I'm guessing it'll have to be a rebuild based upon prior experience switching models.
Cheers,
Chris _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
I would think an RB3011 would do the job. RB4011 is faster but doesn't do VLANs on the switch chip. That mightn't be a big deal though. Both have hardware IPSEC now. Regards Russell -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Chris Herrmann Sent: Tuesday, 5 November 2019 14:15 To: public@talk.mikrotik.com.au Subject: [MT-AU Public] upgrade from RB2011UiAS to something faster - RB450Gx4 ? Hi all, I've been using the rb2011 for several years now, happy user. I'm about to get faster internet (NBN - please stop snickering), so I'm looking at models that will handle higher throughput and after people's recommendations. Things I care about... * I'm running a few VLANs. there was one rb or Hex model that I played with that didn't handle VLANs as well as the 2011 but I can't remember the reason now. Might have been a software switch and not hardware or something like that. * IPSEC - the 2011 tops out around 16Mbit before it flakes out in my experience. Would like to get more throughput.. if I look at the RB450Gx4 specs and pick the worst-case IPSEC throughput, it claims to do 20Mbit which is better than my real-world experience with the RB2011. * Non-IPSEC NAT - would like it to comfortably handle 100Mbit * I'm running a few other things but nothing that should be too taxing (logging, not a huge number of policies, only a little bit of mangling). * Don't want wifi on it * Don't need POE * Would love to be able to export / import my RB2011 config and have that work :) but I'm guessing it'll have to be a rebuild based upon prior experience switching models. Cheers, Chris _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (4)
-
Chris Herrmann
-
Damien Gardner Jnr
-
Jason Hecker
-
Russell Hurren